Simple Cloud NAT management, with optional router creation.
module "nat" {
source = "./fabric/modules/net-cloudnat"
project_id = var.project_id
region = var.region
name = "default"
router_network = var.vpc.self_link
}
# tftest modules=1 resources=2 e2eSubnetwork configuration is defined via the config_source_subnetworks variable:
- the default is to configure all ranges for all subnets
- to only configure primary ranges set
config_source_subnetworks.primary_ranges_onlytotrue - to specify a list of subnets set
config_source_subnetworks.alltofalseand provide a list of subnets inconfig_source_subnetworks.subnetworks
When specifying subnets the default for IP ranges is to consider all ranges (primary and secondaries). More control can be obtained via the all subnetwork attribute: when set to false only the primary subnet range is considered, unless secondary ranges are specified via the secondary_ranges attribute.
module "nat" {
source = "./fabric/modules/net-cloudnat"
project_id = var.project_id
region = var.region
name = "default"
router_network = var.vpc.self_link
config_source_subnetworks = {
all = false
subnetworks = [
{
# all ip ranges
self_link = "projects/${var.project_id}/regions/${var.region}/subnetworks/net-0"
},
{
# primary range only
self_link = "projects/${var.project_id}/regions/${var.region}/subnetworks/net-1"
all_ranges = false
},
{
# both primary and specified secondary ranges
self_link = "projects/${var.project_id}/regions/${var.region}/subnetworks/net-2"
all_ranges = false
secondary_ranges = ["pods"]
}
]
}
}
# tftest modules=1 resources=2module "addresses" {
source = "./fabric/modules/net-address"
project_id = var.project_id
external_addresses = {
a1 = { region = var.region }
a2 = { region = var.region }
a3 = { region = var.region }
}
}
module "nat" {
source = "./fabric/modules/net-cloudnat"
project_id = var.project_id
region = var.region
name = "nat"
router_network = var.vpc.self_link
addresses = [
module.addresses.external_addresses["a1"].self_link,
module.addresses.external_addresses["a3"].self_link
]
config_port_allocation = {
enable_endpoint_independent_mapping = false
}
rules = [
{
description = "rule1"
match = "destination.ip == '8.8.8.8'"
source_ips = [
module.addresses.external_addresses["a2"].self_link
]
}
]
}
# tftest modules=2 resources=5 inventory=rules.yaml e2e| name | description | type | required | default |
|---|---|---|---|---|
| name | Name of the Cloud NAT resource. | string |
✓ | |
| project_id | Project where resources will be created. | string |
✓ | |
| region | Region where resources will be created. | string |
✓ | |
| addresses | Optional list of external address self links. | list(string) |
[] |
|
| config_port_allocation | Configuration for how to assign ports to virtual machines. min_ports_per_vm and max_ports_per_vm have no effect unless enable_dynamic_port_allocation is set to 'true'. | object({…}) |
{} |
|
| config_source_subnetworks | Subnetwork configuration. | object({…}) |
{} |
|
| config_timeouts | Timeout configurations. | object({…}) |
{} |
|
| logging_filter | Enables logging if not null, value is one of 'ERRORS_ONLY', 'TRANSLATIONS_ONLY', 'ALL'. | string |
null |
|
| router_asn | Router ASN used for auto-created router. | number |
null |
|
| router_create | Create router. | bool |
true |
|
| router_name | Router name, leave blank if router will be created to use auto generated name. | string |
null |
|
| router_network | Name of the VPC used for auto-created router. | string |
null |
|
| rules | List of rules associated with this NAT. | list(object({…})) |
[] |
| name | description | sensitive |
|---|---|---|
| id | Fully qualified NAT (router) id. | |
| name | Name of the Cloud NAT. | |
| nat_ip_allocate_option | NAT IP allocation mode. | |
| region | Cloud NAT region. | |
| router | Cloud NAT router resources (if auto created). | |
| router_name | Cloud NAT router name. |